Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Y-cam
  • Ycw003
  • Ycb004 Firmware
  • Ycb002
  • Ycblhd5 Firmware
  • Ycw004 Firmware
  • Yck004 Firmware
  • Ycw003 Firmware
  • Ycw002 Firmware
  • Ycw001
  • Ycw002
  • Ycb002 Firmware
  • Ycb003 Firmware
  • Ycb003
  • Yck004
  • Yck003
  • Ycbl03 Firmware
  • Ycblb3 Firmware
  • Yceb03 Firmware
  • Ycb001 Firmware
  • Ycblb3
  • Ycb001
  • Ycw001 Firmware
  • Ycblhd5
  • Yck003 Firmware
  • Ycb004
  • Yceb03
  • Ycbl03
  • Ycw004
  • Yck002 Firmware
  • Yck002

Configuration 1 [-]

AND
cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycw003:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycb001:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycblhd5:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycw001:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:yck004:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycb003:*:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:ycw002:*:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*
cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*
References
Link Resource
http://www.y-cam.com/y-cam-security-fix/ Patch Vendor Advisory
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850 Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-05-14T00:00:00

Updated: 2015-05-13T23:57:00

Reserved: 2014-02-07T00:00:00

Link: CVE-2014-1900

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2015-05-14T00:59:00.083

Modified: 2015-05-15T13:28:36.887

Link: CVE-2014-1900

JSON object: View

cve-icon Redhat Information

No data.

CWE